diff --git a/server/AyaNova/Controllers/TagController.cs b/server/AyaNova/Controllers/TagController.cs index a7eed5b0..21b3d643 100644 --- a/server/AyaNova/Controllers/TagController.cs +++ b/server/AyaNova/Controllers/TagController.cs @@ -145,7 +145,7 @@ namespace AyaNova.Api.Controllers TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner - if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, TagBiz.BizType)) + if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs index 3037e1c3..2f199e5a 100644 --- a/server/AyaNova/Controllers/UserController.cs +++ b/server/AyaNova/Controllers/UserController.cs @@ -62,7 +62,10 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, UserBiz.BizType)) + //Instantiate the business object handler + UserBiz biz = UserBiz.GetBiz(ct, HttpContext); + + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -72,8 +75,7 @@ namespace AyaNova.Api.Controllers return BadRequest(new ApiErrorResponse(ModelState)); } - //Instantiate the business object handler - UserBiz biz = UserBiz.GetBiz(ct, HttpContext); + var o = await biz.GetAsync(id); if (o == null) @@ -103,7 +105,10 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, UserBiz.BizType)) + //Instantiate the business object handler + UserBiz biz = UserBiz.GetBiz(ct, HttpContext); + + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -113,8 +118,7 @@ namespace AyaNova.Api.Controllers return BadRequest(new ApiErrorResponse(ModelState)); } - //Instantiate the business object handler - UserBiz biz = UserBiz.GetBiz(ct, HttpContext); + ApiPagedResponse pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions); return Ok(new ApiOkWithPagingResponse(pr)); @@ -186,13 +190,15 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, UserBiz.BizType, o.OwnerId)) + //Instantiate the business object handler + UserBiz biz = UserBiz.GetBiz(ct, HttpContext); + + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } - //Instantiate the business object handler - UserBiz biz = UserBiz.GetBiz(ct, HttpContext); + try { @@ -251,7 +257,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, UserBiz.BizType, o.OwnerId)) + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -301,7 +307,7 @@ namespace AyaNova.Api.Controllers UserBiz biz = UserBiz.GetBiz(ct, HttpContext); //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner - if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, UserBiz.BizType)) + if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -365,7 +371,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, UserBiz.BizType, dbObj.OwnerId)) + if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } diff --git a/server/AyaNova/Controllers/WidgetController.cs b/server/AyaNova/Controllers/WidgetController.cs index 59c75048..78cbc5bd 100644 --- a/server/AyaNova/Controllers/WidgetController.cs +++ b/server/AyaNova/Controllers/WidgetController.cs @@ -65,7 +65,10 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) + //Instantiate the business object handler + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); + + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -75,8 +78,7 @@ namespace AyaNova.Api.Controllers return BadRequest(new ApiErrorResponse(ModelState)); } - //Instantiate the business object handler - WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); + var o = await biz.GetAsync(id); if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); @@ -100,7 +102,10 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) + //Instantiate the business object handler + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); + + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -110,8 +115,7 @@ namespace AyaNova.Api.Controllers return BadRequest(new ApiErrorResponse(ModelState)); } - //Instantiate the business object handler - WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); + ApiPagedResponse pr = await biz.GetManyAsync(Url, nameof(ListWidgets), pagingOptions); return Ok(new ApiOkWithPagingResponse(pr)); @@ -185,13 +189,14 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, WidgetBiz.BizType, o.OwnerId)) + //Instantiate the business object handler + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); + + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } - //Instantiate the business object handler - WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); try { @@ -252,7 +257,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, WidgetBiz.BizType, o.OwnerId)) + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -301,7 +306,7 @@ namespace AyaNova.Api.Controllers WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner - if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, WidgetBiz.BizType)) + if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -361,7 +366,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, WidgetBiz.BizType, dbObj.OwnerId)) + if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -396,10 +401,6 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) - { - return StatusCode(401, new ApiNotAuthorizedResponse()); - } throw new System.NotSupportedException("Test exception from widget controller"); } @@ -416,10 +417,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) - { - return StatusCode(401, new ApiNotAuthorizedResponse()); - } + throw new System.ArgumentException("Test exception (ALT) from widget controller"); } diff --git a/server/AyaNova/biz/BizObject.cs b/server/AyaNova/biz/BizObject.cs index 39d4bf91..62d382d9 100644 --- a/server/AyaNova/biz/BizObject.cs +++ b/server/AyaNova/biz/BizObject.cs @@ -25,7 +25,7 @@ namespace AyaNova.Biz #region common props - internal static AyaType BizType { get; set; } + internal AyaType BizType { get; set; } internal AyaNova.Models.AyContext ct { get; set; } internal long UserId { get; set; } internal long UserLocaleId { get; set; } diff --git a/server/AyaNova/biz/Search.cs b/server/AyaNova/biz/Search.cs index 6b722d01..7491a75f 100644 --- a/server/AyaNova/biz/Search.cs +++ b/server/AyaNova/biz/Search.cs @@ -106,8 +106,9 @@ namespace AyaNova.Biz { public long TotalResultsFound { get; set; } public List SearchResults { get; set; } - public SearchReturnObject(){ - TotalResultsFound=0; + public SearchReturnObject() + { + TotalResultsFound = 0; SearchResults = new List(); } } @@ -327,7 +328,7 @@ namespace AyaNova.Biz //TOTAL RESULTS //we have the total results here so set accordingly - ReturnObject.TotalResultsFound=MatchingObjects.Count; + ReturnObject.TotalResultsFound = MatchingObjects.Count; //MAXIMUM RESULTS FILTER //The theory is that it should be filtered BEFORE sorting so that you get the most random collection of results @@ -398,6 +399,14 @@ namespace AyaNova.Biz private static void ProcessKeywords(AyContext ct, long localeId, long objectID, AyaType objectType, bool newRecord, string name, params string[] text) { +#if (DEBUG) + if (objectType == AyaType.TagMap || objectType == AyaType.JobOperations || objectType == AyaType.Locale) + { + throw new System.NotSupportedException($"Search::ProcessKeywords - Invalid type presented {objectType}"); + } +#endif + + //IF NOT NEW, DELETE ALL EXISTING ENTRIES FOR OBJECT TYPE AND ID if (!newRecord) { diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index 78f6f8fa..c6f60859 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -23,7 +23,7 @@ namespace AyaNova.Biz internal UserBiz(AyContext dbcontext, long currentUserId, long userLocaleId, AuthorizationRoles userRoles) { - ct = dbcontext; + ct = dbcontext; UserId = currentUserId; CurrentUserRoles = userRoles; BizType = AyaType.User; @@ -71,12 +71,6 @@ namespace AyaNova.Biz //Handle child and associated items - // //Associated user options object - // UserOptions options = new UserOptions(UserId); - // options.User = outObj; - // ct.UserOptions.Add(options); - // await ct.SaveChangesAsync(); - //Log event EventLogProcessor.AddEntryToContextNoSave(new Event(UserId, outObj.Id, BizType, AyaEvent.Created), ct); await ct.SaveChangesAsync();